Radio gaga: Techies fear EU directive to stop RF device tinkering will do more harm than good EU plans to ban the sale of user-moddable radio frequency devices – like phones and routers – have provoked widespread condemnation from across the political bloc. The controversy centres on Article 3(3)(i) of the EU Radio Equipment Directive, which was passed into law back in 2014. However, an EU working group is now about …
You mean they haven't they given up in disgust, packed up, and left yet?
They're getting their coats.
Third-party firmware would be the kind of pragmatic thing the UK probably would have argued for before it started sitting in the corner and started babbling to itself.
UK probably would have argued for before it started sitting in the corner and started babbling to itself
Tea through nostrils again. Cheers, Dan!
I'm laughing because if I stop I'll start crying.
Now electrical equipment that is plugged into the electrical grid are expected to be safe. There are regulations in place that attempt to protect consumers, and the grid, from unsafe equipment. The electricity grid has safeguards built into it to minimise the impact of unsafe equipment. I don't think anybody thinks this is a bad thing.
So why such strong objections for equipment plugging into the RF grid which, I think, lacks the kind of safeguards that apply to the electricity grid.
We know that all the gadgets being plugged in are completely fucked. They are full of bugs and are actually dangerous when you consider how they can be exploited. So this legislation is basically saying you need to be compliant before you get on the grid...just like electrical equipment, just like cars before they get on the road, just like aircraft before they carry passengers,..... I don't hear objections in these cases.
Is this really so bad?
Cue down votes.
"So why such strong objections for equipment plugging into the RF grid which, I think, lacks the kind of safeguards that apply to the electricity grid."
There's a difference between regulating something that has the potential to burn down your home, and kill you and your neighbors, and something that might cause some interference and inconvenience if misconfigured. You could argue that insecure devices cause harm, but it's the kind of harm that isn't likely to result in actual death or destruction.
Of course there's nothing currently in place to prevent some idiot from sticking a fork in a toaster or using "password123" to secure their router.
Smart heaters? Smart ovens?
Botnets created from rooted routers to take down critical infrastructure.
My point is that we actually have reached the point where insecure devices can cause harm and destruction and we need to start thinking about that because there are billions of them out there.
"My point is that we actually have reached the point where insecure devices can cause harm and destruction and we need to start thinking about that because there are billions of them out there."
But then regulation has done little to stem the tide of insecure stuff. Indeed, insecurity is a bigger problem with 'sanctioned' devices and install than, I would certainly argue, opensource. (See OpenWRT).
DCMA did little to prevent privacy, infact what you did see was abuse of that act to further the interests of corporations with little regard to the intent of the original proposal.
Your point about insecure devices being plentiful actually means we should start insisting on decent security and putting that into law, not useless 'shut your eyes so you can't see this secret' style of regulation.
"Botnets created from rooted routers to take down critical infrastructure.
My point is that we actually have reached the point where insecure devices can cause harm and destruction and we need to start thinking about that because there are billions of them out there."
None of which has anything whatsoever to do with this article, which is about regulations covering interference. Banning people from installing their own software on a router will do nothing to prevent them from using 12345 as their password. Indeed, if anything it will do the exact opposite since most issues with botnets are the result of devices being insecure as sold, and this law could prevent anyone from ever actually fixing their own. If you want to propose laws to enforce good security on internet-connected devices, that's not a bad idea in principle, it's just not in any relevant to laws about exactly what wavelengths devices are allowed to broadcast on.
As for things like smart heaters, I don't know the current state of the law but certainly such issues should be dealt with in hardware. If it's possible to cause a heater to burn down your house by modifying its software, it's not the software modification that's the problem, it's the fact that someone has designed a heater that can be instructed to burn down a house. If you look at something like a regular, non-connected electric heater, it's simply not possible to set it in such a way that it will, on its own, cause any harm. You might get uncomfortably hot, and you can cause issues if you put flammable materials directly on the hot bits or plug it into an overloaded socket, but the heater itself cannot spontaneously start a fire if used correctly. A smart heater should be exactly the same - no matter what clever stuff it does to decide when and how to heat up, it should be physically impossible to actually be dangerous no matter how the instructions are modified.
"None of which has anything whatsoever to do with this article, which is about regulations covering interference."
I disagree that it's unrelated. Playing devil's advocate, the argument I see from a few comments (but not sure I agree with) is that if there was regulation that ensured better security and support by manufacturers of devices with radios, then there would be less need for the custom firmware that the regulation in this article would prohibit, ie that regulation would be less of a problem.
"A smart heater should be exactly the same - no matter what clever stuff it does to decide when and how to heat up, it should be physically impossible to actually be dangerous no matter how the instructions are modified."
This amounts to saying that the hardware should be designed to prevent the problem. I agree, but this seems impossible for software defined radio.
Original: "None of which has anything whatsoever to do with this article, which is about regulations covering interference."
Reply: "I disagree that it's unrelated."
Unfortunately, you have it very wrong. Let's analyze this.
The regulations are about RF transmission. They are not about security. They require that the manufacturers vet their software to make sure that it doesn't blast RF at random wavelengths. It doesn't. WiFi chips don't do this unless you have the really bad and possibly broken kind. So it requires manufacturers to certify something that they already do, while prohibiting other software being installed on the devices at all. That software doesn't modify the chip to interfere either, because nobody wants a radio blowtorch. So what really happens is that replacement software that doesn't have any harmful effect is being banned for no good reason. Meanwhile,, any security problem in the original router doesn't get tested and can continue on.
That's why your botnet argument is very bad. A default firmware can be fine, but is usually not. A replacement firmware is almost certain to be better in terms of security, and allows users to do things like prevent UPNP and configure a good firewall, which may be restricted or made difficult by bad default firmware. Forcing inclined users to use only the stock firmware means that they will be less secure. It's like arguing that we must ban microwaves because they cause spikes when you turn them on, and an attacker could plug a bunch in around a target and cause a circuit breaker to activate. It is technically true, but misses the point because people don't do that with microwaves and banning them doesn't prevent the problem.
So the general public has to be legally required to be exposed to the terrible practices of router manufacturers because too many others are stupid enough to put critical infrastructure on the internet? Wouldn't it be better to forbid placing critical infrastructure on the internet?
This sort of legislation seriously sounds like a race to the bottom to me.
You think this law will somehow (MAGIC?) make the WiFi router you get free from the cable company secure? The router you bought down at the mall 3 years ago that's no longer supported? Your smart TV that's 30 days past the warranty? Anything?
They are not insecure because grandma has been trying to hack them for better range, it's because makers and users treat them like toasters.
"My point is that we actually have reached the point where insecure devices can cause harm and destruction and we need to start thinking about that because there are billions of them out there."
Exactly. Allowing consumers to replace crap firmware is a way of dealing with that. Preventing them allows the problem to continue.
No, it's a way to allow them to install even crappier firmware idiots will make available on the internet "just to have fun". Never underestimate the number of idiots the internet can connect.
Radio spectrum is a shared resource, and or all the player play following the rules, or it will become a disaster - but anarcoids hoping hopelessly to turn a cheap device bought on ebay into another can't understand that.
"Radio spectrum is a shared resource, and or all the player play following the rules, or it will become a disaster"
This is completely true. However, there is a robust body of law (in both the US and Europe) that already exists to handle this. I don't know about Europe, but in the US if somebody is interfering with licensed frequencies, it's not hard to find and deal with them regardless of how they're doing it. It doesn't matter if it's from a WiFi access point, an SDR, malfunctioning equipment, or that some kid wired together a simple radio jammer.
It seems to me that if there exists a problem with WiFi that is severe enough to warrant such draconian special measures as this, it might be more effective to take a look at better enforcement of currently existing laws.
"Smart heaters? Smart ovens?
Botnets created from rooted routers to take down critical infrastructure."
Those are issues with networking and operating systems.
Nothing to do with RF regulation.
The bands used by WiFi, Bluetooth etc are unregulated. That means what goes, goes. Your microwave may knock out your wifi. These unregulated/unlicensed bands are available for all and thats why they are used so much. Once regulation is brought in by the back door you will not only see the death of new technologies like IOT (even if its implemented more like Internet Of Shit) but you will see the prices go way up.
In the hands of idiots, some devices can do real harm. Especially if more and more home devices - including some critical ones for non-healthy people, depend on them. And what about thermostats, fire alarms, etc. if they're going to work more and more often on wireless connections? But it could be enough if some of your neighbors finds entertaining jamming your Champions match you're streaming.
A few days ago I read in the news two teenagers found funny to block into a bathroom a female bus driver, while menacing her. That's, unluckily, the kind of idiots you find around. They'll get basically a slap on the wrist because of their age. Or should we talk about those pointing lasers at planes, just because they can? Or those flying drones where they shouldn't?
I fully understand the concerns of those creating perfectly good firmware to keep devices working. But if you're going to create a Far West - be aware of the risks.
What do you think is more likely to be insecure, a router that someone has installed the latest version of an open firmware, or grandpa's router that the cable install guy setup 5 years ago, with remote admin turned on?
Straw man argument. No one is saying home and SOHO devices security should not be greatly incremented - and your grandpa won't be installing OpenWRT anyway.
But allowing idiots to create havoc with software defined radios won't increase security at all.
The best solution would be to block the frequencies and the transmitting power at the hardware level so idiots can't make troubles, and people buying cheap and used devices can install another firmware - but because it would make production lines more expensive it won't happen.
Electrical equipment: "There are regulations in place that attempt to protect consumers..."
Yes, they are European regulations, and the kit carries the CE mark to show the company claims compliance.
And the UK has voted that we don't like all that European interfering, we don't want all that "red tape", and we can set our own regulations. The UK just got that little bit more dangerous, as you can guarantee none of the people advocating dropping the European regulations is doing so because they believe the restrictions aren't strict enough.
Also, RF interference in the wrong place can be annoying, it's not going to kill anyone. No, it's not. The "tinkering" capable on these devices is nowhere near any frequency used by Emergency services etc.
Yes, they are European regulations, and the kit carries the CE mark to show the company claims compliance.
And there's the rub: claims compliance. No testing required.
And the UK has voted that we don't like all that European interfering, we don't want all that "red tape", and we can set our own regulations. The UK just got that little bit more dangerous, as you can guarantee none of the people advocating dropping the European regulations is doing so because they believe the restrictions aren't strict enough.
The BSI "Kitemark" requires testing by an accredited lab, just like TUV in Germany, or UL in the US. The national standards are in general far more stringent than the EU ones, not least because national standards are easier to control. I can't see the EU successfully mandating that every member must have a test lab that follows centrally-defined standards, nor would they have a hope of insisting that everything EU-wide had to be tested by, say, TUV or BSI. The price the EU pays for a common set of rules is a lax and ambiguous regulatory structure, which is the only way to get everyone to agree.
Besides, if people really want to ignore the rules they'll just keep on buying directly-imported Chinese tat from Aliexpress or Amazon, complete with the fake CE mark that doesn't actually use the defined typeface, so they can't be sued.
CE = Cannot Enforce.
Also from my own experience if you are unlucky enough to buy illegal hardware it will come back to bite you in the form of some folks knocking on your door with a search warrant.
I once bought a 2.4 GHz "sender" CE mark and all, which was so terrible it obliterated not only Wifi but Bluetooth for >200 feet around. Even the next door neighbours complained that their Internet sucked and my handheld MW leakage scanner went off the scale 20 feet away.
Don't even get me started on imported phones, you can see the resoldering marks. My basic tests showed a 2% shift in frequency just with the heat from CPU and quartz crystal looked like it was taken off a Bluetooth dongle.
Did you know that if you search for certain components, your eBay account can and will get stealth blocked! Order certain parts and its fine, others will "an error" at you.
"I can't see the EU successfully mandating that every member must have a test lab that follows centrally-defined standards, nor would they have a hope of insisting that everything EU-wide had to be tested by, say, TUV or BSI."
It doesn't need to but it could mandate testing to an approved standard by an accredited lab. The accredited lab doesn't need to be in the member state where the device is made or sold, just that it meets the requirements for accreditation. Neither does the standard need to be specifically BSI, TUV, UL or anything else, just that it be appropriate for the device.
Yes, they are European regulations, and the kit carries the CE mark to show the company claims compliance.
And the UK has voted that we don't like all that European interfering
And if you knew your stuff, you would know that much of the regulation actually comes from places other than Brussels (who, for example, mandated that the 2.4GHz and 5GHz bands were to be unlicensed globally?) , it just seems to come from Brussels as that is the clearing-house for regulation in the EU.
Assuming the UK leaves the EU, I don't expect to see much real change in the level of "red tape" - instead of it coming "gift wrapped from Brussels" for Westminster to rubber stamp, the components will land directly on desks in Whitehall to be assembled or not; from my memory of the 80's, the decision by (a sovereign) Westminster to hand responsibility for such matters over to the EU was a relief...
The problem is I have no confidence in the manufacturer's firmware when it is new and far less two years later when theey have not released a security update in over 18 months. If you want a secure router you start by looking at openwrt's supported device pages, pick one and when arrives install openwrt. Some of the manufacturers have worked out that is what techies do and advertise openwrt support before the product is even released.
Buying "Pro" equipment does not solve the problem - even if you have the budget for it. I'm sure we all have equipment gathering dust or long since skipped where the "pro" manufacturer decided to milk it's customer base by obsoleting the equipment and offering buy-back deals against new equipment.
Another side to this which could be classed as "unforeseen consequences" is the use of Software Define Radio (SDR). In the beginning amateur SDR activity was confined to hacking an existing TV/FM radio chip. Now we can easily receive and transmit on any frequency from 00 KHz to 6GHz. The genie is out of the bottle. Now we don't worry about hackable equipment as lots of SDR gear is widely available. A early "abuse" of this technology is the man in the middle attacks between car entry keyfobs and cars resulting in a rise in car thefts. I can create my own GPS signals, FM radio station, collect data on aircraft and ships at sea and also create a mobile phone base station. The equipment doesn't change as it's all software due to GNURadio and other open source applications.
The moment officialdom (EU, FCC and others) creates restrictions and barriers then you can bet that the hackers and open-source movements will get creative. Let's Face it they thrive on those challenges.
The EU is trying to "bolt the stable door after the horse has bolted". Like the recent copyright and patent issues they our way out of touch with the real world.
Sorry, but pro-level equipment is supported for far longer time than consumer level devices. Sure, it gets obsolete as well, and then it's time to replace it. After all, it probably can't support latest performance needs as well. I see the real reason here is still cheap people buying cheap used devices and hoping to make them better with OpenWRT - and totally selfish until someone will make them discover what the real issue is - and believe me, it will happen.
While the "genie is out of the bottle", the problem is still how many bottles you have around, how easy are to find, and cheap to buy and modify. While I don't care about people harming themselves while trying to modify devices they should not, I am worried when people can harm me and my activiries.
@ecofeco
"Libertarians and free marketers are idiots."
The opposites being Authoritarian and Planned economy. The first generally considered unpleasant or tyrannical and the second demonstrated to take working economies and grind them into the dust.
Think I will stick with the 'idiots' at least they are wealthy and free.
>I am amazed that so many people do not grasp the serious consequences of RF interference.
Seriously, what are the 'serious' consequences? Remember we are talking about consumer devices not TV/Radio transmitter stations blasting out 20+Kw [Aside: in the analogue days that would have been a 500+Kw signal].
Also bear in mind that my (CE compliant) devices whih I have no control over, can already put out RF interference: the boiler controls, the microwave, the radio, the HomePlug (Ethernet over AC), the electric drill, the hair dryer, the mobile phone, the kitchen food mixer...
"(CE compliant) "
I totally agree with you but I just want to point out that CE compliance means nothing. Its just a sticker applied to say that the bare minimum of tests have been done by the manufacturer to conform to some EU standards. No independent tests, no certificates issued (there are exceptions). Just a sticker applied by Bob in dispatch to say "we declare that its meeting these standards (as far as we understand them)".
You'd have to take them to court to get their test results on the device to confirm they were correct in applying the sticker, if such documents exists. You could also pay for an independant body to test the device for you so you can gather evidence for court.
There are exceptions where some devices are required to involve a notifying body when declaring CE compliance. It depends on the device. Such devices may have a certificate in the box with the reg number of the notifying body. This is just a group that was notified of the declaration, they did not verify any tests.
Most of the CE stickers you will ever see are fake anyway. Printed on an inkjet, stuck on by a chinese kid in a factory.
The equivalent to make routers you can't load new software into is requiring electricians to install receptacles and switches using rivets instead of screws so the homeowner can't fix/alter them. I'm sure that would prevent a few fires or deaths by electrocution each year, from people who don't know what they are doing trying to replace a light switch on their own.
The correct fix to people modifying firmware to use frequencies that aren't licensed is to give them a big fine and long jail sentence if they are caught interfering with legitimate frequencies - especially airport, emergency or military frequencies. If that's the law of the land in the EU, then if anyone asked in DD-WRT or OpenWRT forums about how to enable non-licensed frequencies someone would very quickly inform them what will happen if they get caught.
> So why such strong objections for equipment plugging into the RF grid which, I think, lacks the kind of safeguards that apply to the electricity grid.
Firstly, any wifi router, as sold, has to comply with RF interference rules. If a rogue product comes onto the market then it can be removed, subjected to a recall notice etc as necessary.
BUT this legislation doesn't apply to routers as first sold: it applies to user mods afterwards. That would be fine if and only if there was evidence that user mods were causing widespread (or even near spread) RF interference problems. But there isn't any.
So we have proposed legislation that defends against an essentially hypothetical problem but is absolutely guaranteed to exacerbate a proven problem, namely that of botnets taking advantage of weak router security. Why would you do that?
For now - because there were no cheap available software defined radios, or they were locked down well enough. Just wait...
And good luck hunting down interference.
Botnets will still take advantage of weak router security because most users have no clue, and only a tiny percentage install open firmware on their devices - and now that percentage will be increased by those aiming to see what they can do with software defined radios - maybe after having compromised the device.
These are two different issues with a small intersection - moreover open source firmware are not available for all devices, the number of vulnerable ones will be very high until OEMs aren't forced to provide security updates, and users to install them - and vulnerable devices with software defined radios will be even worse.
But routers won't be causing it. SDRs will be causing it. And fines and prison terms can be doled out to the people using the SDRs to interfere.
As for open firmware on routers, I can use it to ensure that my installation is secure. At the very least, that's one fewer pier in the botnet. It allows development of software for these devices that improves security for the users and the internet as a whole. Most importantly, there is no good reason to ban it.
I don't suppose you are familiar with the options available to consumers in the old days of Ma Bell? You could rent an "extension phone" for a few bucks each month. Ever heard of Carterfone? Restrictions were rationalized in the name of protecting the network from damage. Plus ça change...
So the Oneplus 2 and Xperia XA2 i've just loaded with LineageOS to replace a pair of Lumia 830's would effectively be illegal?
Would it also be illegal to sell second-hand devices that are capable of being modified?
Is this a 'real' problem with routers, phones etc. polluting communication frequency bands - or just something the EU are preemptively trying to prevent, I suspect they'd be better off collecting old microwave ovens using something similar to the TV licence detector vans - but with real equipment insdide, not just a list of target addresses. I have read that moving 2.4Ghz wifi channels from 1,6 or 11 to the 'non standard' ones supposedly makes the quality of signal worse due to side channel interference and that the current chipsets do a good job of channel hopping without user input, but setting my router to 'Japan' and using the higher channels doesn't seem to be doing any harm....
"More likely, people will just repurpose old computers to be routers and WiFi access points instead of buying commercial gear. At least, that's 100% what I would do."
Nail hit on head.
I don't know what proportion of the broadband router using community want to or are able to change the OS of their router but I guess it to be very small, probably less than 1%. Most don't care.
Anyone who knows how to do it now wilt find a work around as suggested. This is just another case of those employed to regulate matters finding something they think they can manage. "We must do something to justify our existence. This is something therefore we shall do it"
Security and reliability of cheap IoT devices presents a far bigger threat but there is nothing the bureaucrats can do about it. Its all built in China which will ignore everything it wants to ignore. We could get HMRC to try and stop imports of electrical goods from the far east but I suspect that wouldn't go down to well with voters. Very few people give a monkey's about router software. Ban import of shiny new smartphones and you have a riot.
"More likely, people will just repurpose old computers to be routers and WiFi access points instead of buying commercial gear."
Forget repurposing the computer to be an access point. What about just using it as a computer if it is WiFi capable? Isn't this enough to push it into scope of the directive?
This post has been deleted by its author
Well, if they really do this, I guess consumer folk will just have to come up to what enterprise operations do (or at least should be doing, I know this varies widely based on how idiotic manglement is at the operation in question):
Treat the ENTIRE RF device as a snoopy, buggy, insecure, dangerous piece of poison that should never, ever see:
1.) A connection of any type to the public Internet
2.) Unencrypted internal data of any sort
This means the access points go on a private, dedicated, cabled network (no VLANs or, *shudder*, shared cabling with the WiFi on a different subnet) with a single host visible: the gateway to your VPN. Yeah, it's a nuisance and yeah, it costs more, but really the other option (everything wide open -- no, "passworded WiFi" doesn't count when the firmware is a hackable black box) isn't exactly a secure option in today's always-connected, always-hacked IoT world is it?
This also means that either phone technology will need to adapt or people need to stop bringing their favourite little spy along to every private location and conversation. Expect more businesses to start banning phones from entire properties (this is already the case in many locations), and maybe people to start telling other folks their phone isn't welcome in their flat -- after that, I wonder just how popular this new law will be. Probably the only way to fix this is to make an RF module that's isolated from the rest of the device and standardized / swappable, but that would need to be legislated as a requirement along with this new proposal.
And WTF on the environmental assessment? Of COURSE this will have an environmental impact. Even the knock on effects of people leaving their mobile behind and communicating / travelling less efficiently would increase carbon emissions, plus the glaring elephant in the room of throwaway phones and laptops like our cousins across the pond.
On my side: if I can't compile and install an OS for my phone, it's not really my phone, is it? And if it's not really my phone, I don't really want to pay to carry around a spy no matter how convenient people say it is. Maybe some convenience comes at too high a cost.
I kind of thought this is the result of an industry lobbying effort.
Or like the US equally ill-judged directive, maybe the concern about certain WiFi frequencies that have been known to hurt Doppler radar. But this is a rare issue and have been deliberate ill advised config by a few people. So basically sledgehammer and walnut come to mind.
Why would the industry lobby care? The 1% of people who use alternate firmware are still buying routers from them. It doesn't matter if your 10 year old router is still supported by those, you are going to want to buy new hardware so you can use something other than 802.11b. Even if you bought a router last year, you are going to want to upgrade to get WPA3 security and 802.11ax/wifi6 features.
Some people see conspiracy theories in everything, even when they don't make any logical sense.
"you are going to want to buy new hardware so you can use something other than 802.11b. Even if you bought a router last year, you are going to want to upgrade to get WPA3 security and 802.11ax/wifi6 features."
The average consumer, maybe. But personally, neither of those things are enough to make me stop using perfectly good gear I already own. 802.11b is more than good enough to meet my needs, I already take steps to secure my WiFi independently of WPA, and I don't have any strong desire for 802.11ax/wifi6 features.
That may change in the future of course, but probably not in the next few years.
That assumes the average consumer knows or cares that their router is bug infested. They don't, and the only way their routers get updated at all is if it has automatic updates. If it does, they don't know when it stops receiving updates.
1% of people not upgrading because they install third party software is not a concern for them, anymore than Apple truly cares about the 1% who jailbreak or Samsung about the 1% who root.
But Apple does care about the 1% who jailbreak. I don't know why they care, but they do. I have to assume that at least some companies would care about their routers being reflashed as well, but most of the ones I've seen couldn't care less what they run as long as you buy it. It's the ISPs who aren't so happy with your own hardware being used.
... and bear in mind I'm an aging techie with little experience in much of this, but, that all said:
What's the technical difference qua interference as opposed to difference qua hardware, between one of these 'open routers' and a small Pi or Linux box with the requisite software and off the shelf hardware bits?
Genuine question because my (possibly incorrect) understanding is that many of these consumer/prosumer boxes are really just just prepacked gear in a shiny box, some flashy LEDs and a small footprint.
If I'm wrong then I'd love to be educated in the difference.
This could make Raspberry Pi (and their ilk) devices illegal (if taken to absurd conclusions) or even laptops with wifi/bluetooth.
Which would be illegal, the Pi or the SD card distribution?
Not liking the idea of either happening, but illegal software is a whole new terrible idea.
"Which would be illegal, the Pi or the SD card distribution?"
Neither. It would be the radio. The obvious way to conform to such a silly law and be able to retain at least some functionality would be to make the radio chips themselves self-contained computers that don't require anything but a high-level interface into. Much like is currently done with cellphone modules.
It's an end result that would hurt a lot, but wouldn't be a complete disaster.
Not to worry, since the law won't be in effect long.
Main question is who takes over the EU once its population regresses to drooling subsistence farmers (since all them high tech gubbins are just off limits to plebs lest they hurt themselves). Russia? China? Regardless of who it is, the existing law won't be any concern whatsoever at that point!
I'd use the joke icon, but I don't think people really get the danger to the host nation of a non-innovative, technically ignorant, uneducated society in today's world. In the worst cases it can actually reach levels sufficient to implode said nations (see Venezuela).
"population regresses to drooling subsistence farmers"
You make it sound so negative. Working in IT has taught me that most people's competence to deal with new technologies ended around the Bronze Age. Just this morning I had to explain to someone that yes, you need to bring your laptop to work, and no, your screen is not the computer. Subsistence farming might save me the stress of losing every shred of hope for humanity on a daily basis...
More to the point, what does this say about Linux on laptop/desktop systems with WiFi adapters?
The WiFi adapters in these systems are just as much an RF generator as an access point. Does this mean that Linux cannot be used with WiFi without some vendor support?
At face value, this is what the article suggests, as the quotes state "software", not just "firmware"
That way madness lies!
Stet.
Taken to logical limit, this will require a ban on the sale of electronic components as they can be connected together to make a 2.4GHz radio transmitter. Bye-bye RS & Farnell!
Actually, we'll have to ban the sale of materials that could be used to construct a transistor, resistor, capacitor, inductor or antenna. Hmm. Going to be a bit difficult getting hold of steel wire and new age homeopathy shops will have to stop selling universal enegy absorbing/transmitting crystals.
Oh it's worse than that. Better ban beer, tinfoil, batteries, and mains power, since all you need to make a very powerful interference source (think orders of magnitude higher than a stupid AP) is:
An inductor (coil of wire)
A capacitor (beer bottles and tinfoil)
A spark gap (wire)
An antenna (wire)
Mains power or a nice battery array
Note to the average citizen of Blighty: DON'T TRY THIS AT HOME. Even those cottoning onto what I've listed here (a couple critical assembly steps are missing, but the parts list is 100% complete), if someone is dumb enough to build this and actually operate it they'll be tracked down and jailed really quite quickly.
Which brings up the interesting point of: why aren't the out of bands devices located and confiscated? If examining the device shows the owner modified it to TX outside the allocated bands, there are fines and prison sentences for willful interference already on the books. It's not like your device transmitting by itself on some other band at high power isn't already a bloody beacon!
there are fines and prison sentences for willful interference
Exactly. Upvote & round of applause. And a beer ...
... which brings me to my next point.
better ban beer
This is no subject for joking. Makes my blood(-alcohol level) run cold just thinking about it.
The difference is you have to understand how to make a radio, not just download from the internet some stupid firmware and start to be a danger for everybody around you.
It's impossible to stop all idiots, but a large part can be hindered with little effort.
"It's impossible to stop all idiots, but a large part can be hindered with little effort."
Least effort for most effect would be banning all those shitty leaky powerline networking adaptors. Most of them are well outside the spec and produce huge amounts of interference, even wiping out DAB signals.
The difference is you have to understand how to make a radio, not just download from the internet
Not really, no. The info on how to make said interference source is not only really easy to find online, it's in (probably) every library and several real world museums. And the result is not a radio, nor is it complex. Yet for some reason we don't have real world terrorists running around blotting out signals with this thing. Why do you suppose that is?
As an aside, much of the development of RF technology has been how to cram more data transfer into the finite amount of spectrum available, i.e. make things finer, more sensitive, etc. That does not mean the original transmitters that could obliterate the entire spectrum from DC to practically daylight stopped working, they were simply outlawed. Not by banning parts for them, but by banning their operation..
It's impossible to stop all idiots, but a large part can be hindered with little effort.
We already have Internet filtering. Throw up a filter on known ready-to-use illegal radio firmware. Simple, non-technical folks effectively hindered without any collateral damage, and technical folks know better than to try something that stupid. (or if they do, it's one of those risk/benefit things and they deserve to be located, arrested, and fined).
"it's in (probably) every library"
Not probably. Definitely. This is really simple stuff, and the required knowledge and skills to design your own are contained in just about every electronic text that I've ever read. Of course, people who don't even want to put that much effort into it can just buy one off eBay for about $10.
>not just download from the internet some stupid firmware
You will be surprised how many normal people would have difficulty downloading and installing new firmware on their router etc.
This is the point, the average person doesn't know or even want to know how to reflash their router or mobile phone, so implementing rules that make it harder for them to do something they are already highly unlikely to do benefits whom exactly?
Its not a stupid question but there are some real differences which can make repurposing router hardware much more effective than building your own in a Linux box or Pi.
Many of these include useful integrations of networking stuff (such as VLAN handling, flexible switches, multicast handling) into proprietary chips not available on the open market to put in a Pi. And the necessary firmware to load into them.
Similar issues with increasing integration of advanced WiFi capabilities such as beam-forming, etc.
Also there really is quite a lot of value in the shiny box, pre-integrated components, small footprint and things like someone else having worked out what power supply rating is needed to power it all, how best to route the RF, heat management, safety testing (think about burying such a box in an inaccessible place in your elderly parents' house), etc. It offers a lot of convenience over building your own wifi router from a Pi.
Of course there are downsides as well -- tradeoffs have to be made.
Doesn't even need to be an official RF device. I recently installed a (CE-marked) 12v switchmode power supply, bought from Amazon, to drive some electronics. Seemed to be working fine, until I noticed later that none of the WiFi devices in the house could connect to the router.
A 'scope on the output of the PSU revealed vast quantities of RF hash at fundamental frequencies well into the MHz range, and harmonics far beyond that. Several ferrite chokes and multiple capacitors later I got the hash down to a few mV, and the WiFi devices started working again. A non-technical punter would not have been able to resolve that
And that's a device that supposedly meets EU standards. They'd be better to fix that sort of EMC issue before worrying about folks tweaking their ISM-band WiFi to increase its range
I'd have just returned it giving manufacturer defect as the reason with a photo of the mess on the oscilloscope as proof.
If you can prove it's a manufacturer defect you've got up to six years to return it in England an Wales, five in Scotland, and I don't know what in NI.
I'd have just returned it giving manufacturer defect as the reason with a photo of the mess on the oscilloscope as proof.
I considered it, but it was already built-in to the equipment & my project was later than I wanted, so I decided to see if there was an easy fix first. Also, there would be no guarantee that any alternative replacement would be better.
I'm not an expert in this either, just someone who is geeky enough to have installed open source router software for fun but I would assume it's because the radio hardware in devices like a Pi can't (theoretically) be operated outsize legal limits. The software I looked at exposed many more options than the commercial versions (like turning up the power to 11) that would presumably only be legal in certain products or jurisdictions. I suppose it would be possible to make a router where the radio is walled off in some way but let's face it, there's simply no commercial motivation for the manufacturers to do it.
"There’s already a power limit."
Problem is that there are different limits in different regions (and thinks like some WiFi bands beign legalin some areas but not in others) so, for cost reduction, the devices will normally support everything and rely on firmware to restrict to the local limits .... but then some people flash different firmaware (n.b. definitely not all who use different firmware for this reason) so that they can boost transmti power past the EU limit or do things like access channels that aren't locally licensed in hope that no-one else will be using them. So effectively EU (and US) seem to be saying that to enforce local rules then equipment manufactures must only sell equipment with firmware that limits usage to the legal power/channel/etc restrictions and to prevent this being changed to anything that might contravene this.
Of course. there's a problem over importing devices from another area - perhaps we could introduce a scheme where "legal to use here" devices have a green triangle on them and "not legal to use here" have a red circle!
Ah, the old BT sticker...
Indeed, but the issue I was highlighting was that IF you start transmitting over the power limit for your jurisdiction, then you've already breached existing legislation, and this issue should be dealt with under that legislation. There's absolutely no need whatsoever for this particular piece of legislation. None.
Y'know. If this were a step back toward the days of distant yesteryear when "firmware" couldn't be modified except by replacing the chip, it might be a good thing. The modern notion that overly complex, poorly tested, logic can shipped broken then patched into a secure configuration in production doesn't seem to be working very well. But sadly, I doubt it'll work that way. Probably we'll end up with crap that is vulnerable to attack, is horribly difficult to alter, can only be (legally) fixed by the vendor, and can still be reprogrammed by any disgruntled, unemployed teenager anywhere on the planet.
Now we have two three or more problems.
Do you see that here though? I sure don't. I see the vendor and various black hats able to modify the firmware at will, not the device owner.
Semi-joke: if they're going to pass this, mandate the radio firmware be a real ROM with zero, and I mean provably zero, update functionality. Defect? Manufacturer recall....
This post has been deleted by its author
If I remember correctly, the preamble to the Radio Amateur licence states its purpose is to encourage (suitably aware of the law - hence the exam) people to EXPERIMENT with wireless telecommunication.
What ought to happen is proper enforcement against the idiots who think it's a good idea to operate out of band or outside ERP limits (and botch together a class C amplifier to do so...) This law seems to be 'lets make it a paper exercise, because that way we don't need to employ anyone who doesn't mind the rain to do enforcement'.
This is another example of centralist government. "We know better and you proles can just suck it up". Not just in this RF spectrum space but in many other spheres. EG: The role of teachers is being undermined by centralist policies. My daughter is an experienced school teacher and the "rules" often get in the way of her "doing the right thing" as a professionally qualified teacher. A robot could do the job! Then we wonder why we have some of the social problems we have.
The Health&Safety fanaticism makes blaming someone else endemic and that culture seeps into other spheres of life. In the US where speed limits can change every few hundred yards on rural roads, tends to take responsibility for proper use of speed away from drivers and gives it to absent regulators. Back in the day when I operated a Amateur Radio station I knew fully what my responsibilities were to not interfere with other spectrum users.
I'm all for sensible regulation and consequences for non compliance. For goodness sake treat us as the adults we are!
I'm of the opinion a few high profile arrests and trials stemming from someone "just using that firmware that makes my radio work better since it doesn't harm anyone to remove the limits" might do the trick, provided there was proper press coverage stating why the trial was happening. We've got the technology to track unlicensed users down fairly quickly, find someone stomping on a military allocation to watch their cat videos and watch the sparks fly!
Right now it's perceived as no worse than piracy, i.e. some kind of victimless crime (see erosion of law due to widespread disregard for bad copyright / DRM laws) when in fact there really is a victim many times for RF interference -- the licensed user of the spectrum being directly impaired in their licensed use of that spectrum.
The RFI from cheap chinese ballasts in the US is so bad, I'm told, it obliterates parts of the AM broadcast band. I can't imagine the ballasts here are much better, since they're coming from the same factories in Asia. Do something about unintentional radiators first, arrest a few of the most egregious "illegal firmware" users*, and watch the problem sort itself.
* I hesitate to say "illegal firmware", but when you're talking about compiled software that is designed to cause your hardware to emit substantial RF on frequencies that you have no license for, it's pretty much illegal to use by definition outside of a faraday cage. Sadly I'm not sure politicians would understand that; it's a semi-miracle we still have the Amateur service allocations.
"But the same lot regulated the power of a hoover so it now takes twice as long with a Euro hoover."
Current vacuum cleaner was bought because SWMBO found the previous one was so loud it made her feel ill. I chose the one with the lowest specified noise level. It meets the EU spec, not surprising being a European brand. It's also the most effective vacuum cleaner we've ever owned in half a century of home-making. It might be because the energy is going into cleaning, not making noise.
Watch out, its possible to make a small device that has negative differential resistance.
This can transmit in *any* band prohibited or otherwise just by adjusting the capacitance and/or inductance.
Works best below 500 MHz though and I made one using two carefully chosen N channel JFET and PNP transistor.
It may be worth just clarifying a few points here.
1) the RED has been in place for a few years now. So this is really not new. I think that this bit of the regulation applies to software defined radios. If your WiFi router (for example) has a radio chip that is not software defined, then the rest of the router code will not need to be locked down in this way. If the example product has software defined radio which has its own separate firmware update bootloader, and compliance is certified just to the radio chipset, then the rest of the product software will not need to be locked down in this way. If the example product has a unified code set that includes prime control of how the radio complies with RED, then this would be locked down.
2) Some directives allow self-certification, others don't. So, while "claims compliance" may be the case, in this case (if I remember correctly) there is a requirement to provide test results to a notified body, and may even require 3rd party testing. Notified Bodies can require tests to be witnessed, depending on the directive.
3) Yes, the UK has notified bodies and approved test labs that cover many of the EU directives.
4) this may be heretical, but these EU directives can be changed by lobbying and discussion, if a consensus can be gained around the change. COMMISSION DIRECTIVE 2009/137/EC of 10 November 2009 Amending Directive 2004/22/EC is an example of such an amendment, which was led from UK.
5) RFI is a significant issue, and has definitely cost lives in industrial accidents. Much of the EMC and Radio Equipment standardisation & regulation over the last 20 years has been driven by safety. The story that springs to mind is the bloke with the walkie-talkie who pressed the transmit button and dropped 400 tons of Grain on himself springs to mind, but I'm sure that there are others.
6) Regulations on radio spectrum are arcane. Some rules are "fairly" global (e.g. 2.4GHz for WiFi, spectrum for Bluetooth, etc), some are regional (e.g. around 868 MHz for ISM SRD use across the EU) and some are national (e.g. spectrum allocated for Military Use). Ultimately, though, these tend to be transposed into national rules, and a visit to the OFCOM website can be instructive.
>5) RFI is a significant issue .. The story that springs to mind is the bloke with the walkie-talkie who pressed the transmit button and dropped 400 tons of Grain on himself springs to mind ...
A perfect example of an accident that this proposed directive won't actually avoid, unless either the walkie-talkie (CE compliant?) or grain hopper (CE Compliant?) had been mod'ed by the user installing a third-party software update...
The objective of this is to cement the position of major corporates. Putting up barriers to new entrants and innovation.
A bad person ignores the law. Making additional laws never stopped a bad person. it does make breaking the law more profitable!
Virtually all "Regulation" is there to protect corporates from their customers. Not surprising when you see who turns up at regulation consultation events.
"Virtually all "Regulation" is there to protect corporates from their customers. Not surprising when you see who turns up at regulation consultation events."
That's worth repeating and should be part of any reporting on regulations.
The problem is very deep, deeper than having consultations held in a manner that makes it hard for citizens and easy for the industry to attend. I've seen that first hand when we were holding a "public" consultation, in an office building, on a Tuesday afternoon. I suggested we might get more public consultation by holding it at the community centre, on a weekend, before or after a game. That was rejected, unofficially because it meant the process would lose credibility if people attended and learned that their input meant nothing.
But it isn't just the consultation part that has regulation being written for industry.
Look at most regulation systems. Key positions are often filled by people who worked in the industry or go on to work in the industry. In many systems the conflicts of interest are on display and ignored by all involved, even the "4th Estate".
The defense given for such systems is that one has to be the person being regulated to understand what regulations are needed. That is not true, you do not have to be a criminal to be a police officer.
When we accept regulatory systems with those obvious conflicts of interest we end up with regulation protecting industry instead of society, citizens or individual consumers.
How about a law that forces manufacturers to support their products for a mandatory period of time and to fix vulnerabilities within a timely manner to a satisfactory standard?
How about a law that ensures there are no backdoors and their equipment is not vulnerable to Krack, or Broadpwn, or the BeEF Metasploit network, or mDNS / DNLA packet flooding?
What about a law that forces the manufacturers to have a minimum level of security like changing admin, admin login, disabling WPS, default WiFi passwords which aren't Numpty1 or Dummy1234?
How about a law which criminalises the crippling of routers so that you cannot use all the features?
Aren't these the reasons why people use third party firmware in the first place?
Maybe if they sorted out their shoddy kak then people wouldn't choose third party firmware. It's a bit like saying people are choosing to cook their own meals as the restaurant food is so revolting that nobody wants to eat it, so let's pass a law forcing everyone to eat it.
P.S. Anyone want a free "Super Router"? I could always find another door stop.
They had better not. I used mine this morning to build a grow lamp.
Well technically its a laptop backlight but could be used for all sorts of mischief.
Incidentally, if you are unlucky enough to live in an area where people use all the available
channels its possible to modify a Wifi sharing dock into a 2.4/5 GHz dual mode one.
Has to have USB interface ie Airtel R101 "Hindendock" (tm) but it will work with others.
The cheapest 5 GHz only USB I've seen is about £19 locally but there are cheaper ones
so could be used as a bridge as well.
If you are unlucky enough to own a temperamental router its also well worth checking for bad
capacitors. The main input one and smaller on the ADSL side go bad and lose value over time
especially if you also have a crappy switch mode (SMPS) wart.
Adding a fan also helps but use low power <100mA 5V units from older laptops or optical drive(s).
Worth a drop of thermal compound on the heatsink if present.
I akm still trying to determine if the memory and 8 pin Flash can be upgraded, some can but depends
if you also have a reader that can copy them. 25Q32 is a common enough chip.
Its risky but worth it as this allows OpenWRT to be run in many cases, doubling RAM is completely
feasible if firmware is also replaced at the same time.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
